frontpage: Show shortcuts that public even if need a group

Closes: #1659. When shortcuts have login_required=False and allow_groups set to a list of groups, the current behavior for logged in users is to match for allowed_groups even when login_required is False. Thus, for searx, when public mode is enabled searx shortcut is not shown for logged in users who are not part of searx group. Fix this by ignoring allowed_groups if login_required is False. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-01-21 07:55:00 +00:00 · 2019-10-15 13:28:43 -07:00 · 2019-10-15 13:28:43 -07:00 · 054a3744d5
commit 054a3744d5
parent 91da0996a4
2 changed files with 16 additions and 4 deletions
--- a/plinth/frontpage.py
+++ b/plinth/frontpage.py
@ -78,7 +78,9 @@ class Shortcut(app.FollowerComponent):

        'allowed_groups' specifies a list of user groups to whom this shortcut
        must be shown. All other user groups will not be shown this shortcut on
-        the frontpage.
+        the frontpage. If 'login_required' is False, this property has not
+        effect and the shortcut is shown to all the users including anonymous
+        users.

        """
        super().__init__(component_id)
@ -131,7 +133,7 @@ class Shortcut(app.FollowerComponent):

        shortcuts = {}
        for shortcut_id, shortcut in cls._all_shortcuts.items():
-            if shortcut.allowed_groups and \
+            if shortcut.login_required and shortcut.allowed_groups and \
               user_groups.isdisjoint(shortcut.allowed_groups):
                continue

--- a/plinth/tests/test_frontpage.py
+++ b/plinth/tests/test_frontpage.py
@ -86,9 +86,9 @@ def fixture_common_shortcuts(clean_global_shortcuts):
    shortcuts = [
        Shortcut('anon-web-app-component-1', 'name1', 'short4', url='url1'),
        Shortcut('group1-web-app-component-1', 'Name2', 'Short3', url='url2',
-                 allowed_groups=['group1']),
+                 login_required=True, allowed_groups=['group1']),
        Shortcut('group2-web-app-component-1', 'name3', 'short2', url='url3',
-                 allowed_groups=['group2']),
+                 login_required=True, allowed_groups=['group2']),
        Shortcut('anon-non-web-app-component-1', 'name4', 'short1', url=None),
    ]
    return shortcuts
@ -142,6 +142,16 @@ def test_shortcut_list_with_username(superuser_run, common_shortcuts):
    return_list = Shortcut.list(username='user2')
    assert return_list == [cuts[0], cuts[1], cuts[2], cuts[3]]

+    cut = Shortcut('group2-web-app-component-1', 'name5', 'short2', url='url4',
+                   login_required=False, allowed_groups=['group3'])
+    superuser_run.return_value = 'group3'
+    return_list = Shortcut.list(username='user3')
+    assert return_list == [cuts[0], cuts[3], cut]
+
+    superuser_run.return_value = 'group4'
+    return_list = Shortcut.list(username='user4')
+    assert return_list == [cuts[0], cuts[3], cut]
+

@pytest.mark.usefixtures('nextcloud_shortcut')
 def test_add_custom_shortcuts():